PageRenderTime 58ms CodeModel.GetById 23ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-content/plugins/wordpress-https/wordpress-https.php

https://github.com/gregoryo/nycga2
PHP | 922 lines | 603 code | 98 blank | 221 comment | 259 complexity | 334995656e2c3987f6a146f55b8b99d4 MD5 | raw file
Possible License(s): AGPL-1.0, GPL-3.0, GPL-2.0, LGPL-2.1 
    

  1. <?php

    2. 

  2. /*

    3. 

  3.  Plugin Name: WordPress HTTPS

    4. 

  4.  Plugin URI: http://mvied.com/projects/wordpress-https/

    5. 

  5.  Description: WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.

    6. 

  6.  Author: Mike Ems

    7. 

  7.  Version: 1.9.2

    8. 

  8.  Author URI: http://mvied.com/

    9. 

  9.  */

    10. 

  10. 

    11. 

  11. /**

    12. 

  12.  * Class for the WordPress plugin WordPress HTTPS

    13. 

  13.  *

    14. 

  14.  * @author Mike Ems

    15. 

  15.  * @package WordPressHTTPS

    16. 

  16.  * @copyright Copyright 2011

    17. 

  17.  *

    18. 

  18.  * @return object

    19. 

  19.  *

    20. 

  20.  */

    21. 

  21. if ( !class_exists('WordPressHTTPS') ) {

    22. 

  22. 	class WordPressHTTPS {

    23. 

  23. 

    24. 

  24. 		/**

    25. 

  25. 		 * Plugin version

    26. 

  26. 		 *

    27. 

  27. 		 * @var int

    28. 

  28. 		 */

    29. 

  29. 		var $plugin_version = '1.9.2';

    30. 

  30. 

    31. 

  31. 		/**

    32. 

  32. 		 * Plugin URL

    33. 

  33. 		 *

    34. 

  34. 		 * @var string

    35. 

  35. 		 */

    36. 

  36. 		var $plugin_url;

    37. 

  37. 

    38. 

  38. 		/**

    39. 

  39. 		 * HTTP URL

    40. 

  40. 		 *

    41. 

  41. 		 * @var string

    42. 

  42. 		 */

    43. 

  43. 		var $http_url;

    44. 

  44. 

    45. 

  45. 		/**

    46. 

  46. 		 * HTTPS URL

    47. 

  47. 		 *

    48. 

  48. 		 * @var string

    49. 

  49. 		 */

    50. 

  50. 		var $https_url;

    51. 

  51. 

    52. 

  52. 		/**

    53. 

  53. 		 * Shared SSL

    54. 

  54. 		 *

    55. 

  55. 		 * @var boolean

    56. 

  56. 		 */

    57. 

  57. 		var $shared_ssl = false;

    58. 

  58. 

    59. 

  59. 		/**

    60. 

  60. 		 * Default options

    61. 

  61. 		 *

    62. 

  62. 		 * @var array

    63. 

  63. 		 */

    64. 

  64. 		var $options_default = array(

    65. 

  65. 			'wordpress-https_internalurls' => 1,		// Force internal URL's to HTTPS

    66. 

  66. 			'wordpress-https_externalurls' => 0,		// Force external URL's to HTTPS

    67. 

  67. 			'wordpress-https_bypass' => 0,				// Bypass option to check if external elements can be loaded via HTTPS

    68. 

  68. 			'wordpress-https_disable_autohttps'=> 0,	// Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.

    69. 

  69. 			'wordpress-https_exclusive_https'=> 0,		// Exclusively force SSL on posts and pages with the `Force SSL` option checked.

    70. 

  70. 			'wordpress-https_frontpage'=> 0,			// Force SSL on front page

    71. 

  71. 			'wordpress-https_sharedssl'=> 0,			// Enable Shared SSL

    72. 

  72. 			'wordpress-https_sharedssl_admin' => 0,		// Shared SSL for admin panel

    73. 

  73. 			'wordpress-https_sharedssl_host' => '',		// Hostname for Shared SSL

    74. 

  74. 			'wordpress-https_external_urls' => array()	// External URL's that are okay to rewrite to HTTPS

    75. 

  75. 		);

    76. 

  76. 

    77. 

  77. 		/**

    78. 

  78. 		 * Initialize plugin (PHP4)

    79. 

  79. 		 *

    80. 

  80. 		 * @param none

    81. 

  81. 		 * @return void

    82. 

  82. 		 */

    83. 

  83. 		function WordPressHTTPS() {

    84. 

  84. 			$argcv = func_get_args();

    85. 

  85. 			call_user_func_array(array(&$this, '__construct'), $argcv);

    86. 

  86. 		}

    87. 

  87. 

    88. 

  88. 		/**

    89. 

  89. 		 * Initialize plugin (PHP5+)

    90. 

  90. 		 *

    91. 

  91. 		 * @param none

    92. 

  92. 		 * @return void

    93. 

  93. 		 */

    94. 

  94. 		function __construct() {

    95. 

  95. 			// Assign plugin_url

    96. 

  96. 			if ( version_compare( get_bloginfo('version'), '2.8', '>=' ) ) {

    97. 

  97. 				$this->plugin_url = plugins_url('', __FILE__);

    98. 

  98. 			} else {

    99. 

  99. 				$this->plugin_url = WP_PLUGIN_URL . '/' . plugin_basename(dirname(__FILE__));

    100. 

  100. 			}

    101. 

  101. 

    102. 

  102. 			// Assign HTTP URL

    103. 

  103. 			$this->http_url = 'http://' . parse_url(get_option('home'), PHP_URL_HOST);

    104. 

  104. 			// Assign HTTPS URL

    105. 

  105. 			$this->https_url = $this->replace_http($this->http_url);

    106. 

  106. 

    107. 

  107. 			// Shared SSL

    108. 

  108. 			if ( get_option('wordpress-https_sharedssl') == 1 && get_option('wordpress-https_sharedssl_host') != '' ) {

    109. 

  109. 				// Turn on Shared SSL

    110. 

  110. 				$this->shared_ssl = true;

    111. 

  111. 				// Assign HTTPS URL to Shared SSL Host

    112. 

  112. 				$this->https_url = get_option('wordpress-https_sharedssl_host');

    113. 

  113. 				// Prevent WordPress from causing a redirect loop

    114. 

  114. 				remove_filter('template_redirect', 'redirect_canonical');

    115. 

  115. 				// Remove Shared SSL authentication cookies on logout

    116. 

  116. 				add_action('clear_auth_cookie', array(&$this, 'clear_auth_cookie'));

    117. 

  117. 			}

    118. 

  118. 

    119. 

  119. 			// Fix admin_url for Shared SSL login

    120. 

  120. 			if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl && $this->is_ssl() ) {

    121. 

  121. 				add_filter('admin_url', array(&$this, 'replace_http_url'));

    122. 

  122. 			}

    123. 

  123. 

    124. 

  124. 			// Filter site_url in admin panel when using Shared SSL

    125. 

  125. 			if ( is_admin() && $this->shared_ssl && $this->is_ssl() ) {

    126. 

  126. 				add_filter( 'site_url', array(&$this, 'replace_http_url'));

    127. 

  127. 			}

    128. 

  128. 

    129. 

  129. 			// Redirect login page if using Shared SSL. This is not pluggable due to the redirect methods used in wp-login.php

    130. 

  130. 			if ( $GLOBALS['pagenow'] == 'wp-login.php' && $this->shared_ssl && !$this->is_ssl() && get_option('wordpress-https_sharedssl_admin') == 1 ) {

    131. 

  131. 				$this->redirect('https');

    132. 

  132. 			}

    133. 

  133. 

    134. 

  134. 			// Start output buffering

    135. 

  135. 			add_action('plugins_loaded', array(&$this, 'buffer_start'));

    136. 

  136. 

    137. 

  137. 			if ( is_admin() ) {

    138. 

  138. 				// Add admin menus

    139. 

  139. 				add_action('admin_menu', array(&$this, 'menu'));

    140. 

  140. 

    141. 

  141. 				// Load on plugins page

    142. 

  142. 				if ( $GLOBALS['pagenow'] == 'plugins.php' ) {

    143. 

  143. 					add_filter( 'plugin_row_meta', array(&$this, 'plugin_links'), 10, 2);

    144. 

  144. 				}

    145. 

  145. 

    146. 

  146. 				// Load on Settings page

    147. 

  147. 				if ( @$_GET['page'] == 'wordpress-https' ) {

    148. 

  148. 					wp_enqueue_script('jquery-form', $this->plugin_url . '/js/jquery.form.js', array('jquery'), '2.47', true);

    149. 

  149. 					wp_enqueue_script('wordpress-https', $this->plugin_url . '/js/admin.php', array('jquery'), $this->plugin_version, true);

    150. 

  150. 					wp_enqueue_style('wordpress-https', $this->plugin_url . '/css/admin.css', $this->plugin_version, true);

    151. 

  151. 

    152. 

  152. 					if ( function_exists('add_thickbox') ) {

    153. 

  153. 						add_thickbox();

    154. 

  154. 					}

    155. 

  155. 				}

    156. 

  156. 

    157. 

  157. 				// Add 'Force SSL' checkbox to add/edit post pages

    158. 

  158. 				if ( version_compare( get_bloginfo('version'), '2.8', '>' ) ) {

    159. 

  159. 					add_action('post_submitbox_misc_actions', array(&$this, 'post_checkbox'));

    160. 

  160. 				} else {

    161. 

  161. 					add_action('post_submitbox_start', array(&$this, 'post_checkbox'));

    162. 

  162. 				}

    163. 

  163. 				add_action('save_post', array(&$this, 'post_save'));

    164. 

  164. 			}

    165. 

  165. 

    166. 

  166. 			// Check if the page needs to be redirected

    167. 

  167. 			add_action('template_redirect', array(&$this, 'check_https'));

    168. 

  168. 

    169. 

  169. 			// Filter HTTPS from links in WP 3.0+

    170. 

  170. 			if ( get_option('wordpress-https_disable_autohttps') == 1 && !is_admin() && strpos(get_option('home'), 'https://') === false ) {

    171. 

  171. 				add_filter('page_link', array(&$this, 'replace_https'));

    172. 

  172. 				add_filter('post_link', array(&$this, 'replace_https'));

    173. 

  173. 				add_filter('category_link', array(&$this, 'replace_https'));

    174. 

  174. 				add_filter('get_archives_link', array(&$this, 'replace_https'));

    175. 

  175. 				add_filter('tag_link', array(&$this, 'replace_https'));

    176. 

  176. 				add_filter('search_link', array(&$this, 'replace_https'));

    177. 

  177. 				add_filter('home_url', array(&$this, 'replace_https'));

    178. 

  178. 				add_filter('bloginfo', array(&$this, 'bloginfo'), 10, 2);

    179. 

  179. 				add_filter('bloginfo_url', array(&$this, 'bloginfo'), 10, 2);

    180. 

  180. 

    181. 

  181. 			// If the whole site is not HTTPS, set links to the front-end to HTTP

    182. 

  182. 			} else if ( is_admin() && $this->is_ssl() && strpos(get_option('home'), 'https://') === false ) {

    183. 

  183. 				add_filter('page_link', array(&$this, 'replace_https'));

    184. 

  184. 				add_filter('post_link', array(&$this, 'replace_https'));

    185. 

  185. 				add_filter('category_link', array(&$this, 'replace_https'));

    186. 

  186. 				add_filter('get_archives_link', array(&$this, 'replace_https'));

    187. 

  187. 				add_filter('tag_link', array(&$this, 'replace_https'));

    188. 

  188. 				add_filter('search_link', array(&$this, 'replace_https'));

    189. 

  189. 			}

    190. 

  190. 

    191. 

  191. 			// End output buffering

    192. 

  192. 			//add_action('shutdown', array(&$this, 'buffer_end'));

    193. 

  193. 		}

    194. 

  194. 

    195. 

  195. 		/**

    196. 

  196. 		 * Operations performed when plugin is activated.

    197. 

  197. 		 *

    198. 

  198. 		 * @param none

    199. 

  199. 		 * @return void

    200. 

  200. 		 */

    201. 

  201. 		function install() {

    202. 

  202. 			// Set default options

    203. 

  203. 			foreach ( $this->options_default as $option => $value ) {

    204. 

  204. 				if ( get_option($option) === false ) {

    205. 

  205. 					add_option($option, $value);

    206. 

  206. 				}

    207. 

  207. 			}

    208. 

  208. 		}

    209. 

  209. 

    210. 

  210. 		/**

    211. 

  211. 		 * Sets the authentication cookies based User ID.

    212. 

  212. 		 * Override for WordPress' pluggable function wp_set_auth_cookie

    213. 

  213. 		 *

    214. 

  214. 		 * The $remember parameter increases the time that the cookie will be kept. The

    215. 

  215. 		 * default the cookie is kept without remembering is two days. When $remember is

    216. 

  216. 		 * set, the cookies will be kept for 14 days or two weeks.

    217. 

  217. 		 *

    218. 

  218. 		 * @param int $user_id User ID

    219. 

  219. 		 * @param bool $remember Whether to remember the user or not

    220. 

  220. 		 * @param bool $secure Whether or not cookie is secure

    221. 

  221. 		 */

    222. 

  222. 		function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {

    223. 

  223. 			if ( $remember ) {

    224. 

  224. 				$expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);

    225. 

  225. 			} else {

    226. 

  226. 				$expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);

    227. 

  227. 				$expire = 0;

    228. 

  228. 			}

    229. 

  229. 

    230. 

  230. 			if ( $secure === '' ) {

    231. 

  231. 				$secure = $this->is_ssl() ? true : false;

    232. 

  232. 			}

    233. 

  233. 

    234. 

  234. 			if ( $secure ) {

    235. 

  235. 				$auth_cookie_name = SECURE_AUTH_COOKIE;

    236. 

  236. 				$scheme = 'secure_auth';

    237. 

  237. 			} else {

    238. 

  238. 				$auth_cookie_name = AUTH_COOKIE;

    239. 

  239. 				$scheme = 'auth';

    240. 

  240. 			}

    241. 

  241. 

    242. 

  242. 			$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);

    243. 

  243. 			$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    244. 

  244. 

    245. 

  245. 			do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);

    246. 

  246. 			do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    247. 

  247. 

    248. 

  248. 			// Cookie paths defined to accomodate Shared SSL

    249. 

  249. 			$cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);

    250. 

  250. 			$cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;

    251. 

  251. 			$cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;

    252. 

  252. 			$cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;

    253. 

  253. 			$cookie_path_admin = $cookie_path_site . 'wp-admin';

    254. 

  254. 

    255. 

  255. 			if ( $this->shared_ssl && $this->is_ssl() ) {

    256. 

  256. 				setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_plugins, $cookie_domain, $secure, true);

    257. 

  257. 				setcookie($auth_cookie_name, $auth_cookie, $expire, $cookie_path_admin, $cookie_domain, $secure, true);

    258. 

  258. 				setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path, $cookie_domain, false, true);

    259. 

  259. 				if ( $cookie_path != $cookie_path_site )

    260. 

  260. 					setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, $cookie_path_site, $cookie_domain, false, true);

    261. 

  261. 			} else {

    262. 

  262. 				setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);

    263. 

  263. 				setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true);

    264. 

  264. 				setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);

    265. 

  265. 				if ( COOKIEPATH != SITECOOKIEPATH )

    266. 

  266. 					setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);

    267. 

  267. 			}

    268. 

  268. 		}

    269. 

  269. 

    270. 

  270. 		/**

    271. 

  271. 		 * Removes all of the cookies associated with authentication.

    272. 

  272. 		 *

    273. 

  273. 		 * @param none

    274. 

  274. 		 * @return void

    275. 

  275. 		 */

    276. 

  276. 		function clear_auth_cookie() {

    277. 

  277. 			// Cookie paths defined to accomodate Shared SSL

    278. 

  278. 			$cookie_domain = '.' . parse_url($this->https_url, PHP_URL_HOST);

    279. 

  279. 			$cookie_path = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . COOKIEPATH;

    280. 

  280. 			$cookie_path_site = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . SITECOOKIEPATH;

    281. 

  281. 			$cookie_path_plugins = rtrim(parse_url($this->https_url, PHP_URL_PATH), '/') . PLUGINS_COOKIE_PATH;

    282. 

  282. 			$cookie_path_admin = $cookie_path_site . 'wp-admin';

    283. 

  283. 

    284. 

  284. 			setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);

    285. 

  285. 			setcookie(AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);

    286. 

  286. 			setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_admin, $cookie_domain);

    287. 

  287. 			setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, $cookie_path_plugins, $cookie_domain);

    288. 

  288. 			setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path, $cookie_domain);

    289. 

  289. 			setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, $cookie_path_site, $cookie_domain);

    290. 

  290. 		}

    291. 

  291. 

    292. 

  292. 		/**

    293. 

  293. 		 * Checks if a user is logged in, if not it redirects them to the login page.

    294. 

  294. 		 *

    295. 

  295. 		 * @param none

    296. 

  296. 		 * @return void

    297. 

  297. 		 */

    298. 

  298. 		function auth_redirect() {

    299. 

  299. 			if ( $this->is_ssl() || force_ssl_admin() )

    300. 

  300. 				$secure = true;

    301. 

  301. 			else

    302. 

  302. 				$secure = false;

    303. 

  303. 

    304. 

  304. 			// If https is required and request is http, redirect

    305. 

  305. 			if ( $secure && !$this->is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {

    306. 

  306. 				$this->redirect('https');

    307. 

  307. 			}

    308. 

  308. 

    309. 

  309. 			if ( $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) ) ) {

    310. 

  310. 				do_action('auth_redirect', $user_id);

    311. 

  311. 

    312. 

  312. 				// If the user wants ssl but the session is not ssl, redirect.

    313. 

  313. 				if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {

    314. 

  314. 					$this->redirect('https');

    315. 

  315. 				}

    316. 

  316. 

    317. 

  317. 				return;  // The cookie is good so we're done

    318. 

  318. 			}

    319. 

  319. 

    320. 

  320. 			// The cookie is no good so force login

    321. 

  321. 			nocache_headers();

    322. 

  322. 

    323. 

  323. 			if ( $this->is_ssl() )

    324. 

  324. 				$proto = 'https://';

    325. 

  325. 			else

    326. 

  326. 				$proto = 'http://';

    327. 

  327. 

    328. 

  328. 			$redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    329. 

  329. 

    330. 

  330. 			// Rewrite URL to Shared SSL URL

    331. 

  331. 			if ( $this->shared_ssl && strpos($redirect, 'https://') !== false ) {

    332. 

  332. 				$redirect = $this->replace_http_url( $redirect );

    333. 

  333. 			}

    334. 

  334. 

    335. 

  335. 			$login_url = wp_login_url($redirect);

    336. 

  336. 

    337. 

  337. 			wp_redirect($login_url);

    338. 

  338. 			exit();

    339. 

  339. 		}

    340. 

  340. 

    341. 

  341. 		/**

    342. 

  342. 		 * Process output buffer

    343. 

  343. 		 *

    344. 

  344. 		 * @param string $buffer

    345. 

  345. 		 * @return string $buffer

    346. 

  346. 		 */

    347. 

  347. 		function process($buffer) {

    348. 

  348. 			if ( $this->is_ssl() ) {

    349. 

  349. 				// Fix the regular stuff

    350. 

  350. 				if ( is_admin() ) {

    351. 

  351. 					preg_match_all('/\<(script|link|img)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);

    352. 

  352. 				} else {

    353. 

  353. 					preg_match_all('/\<(script|link|img|input|form|embed|param)[^>]+((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);

    354. 

  354. 				}

    355. 

  355. 

    356. 

  356. 				$external_urls = get_option('wordpress-https_external_urls');

    357. 

  357. 

    358. 

  358. 				for ($i = 0; $i<=sizeof($matches[0]); $i++) {

    359. 

  359. 					$html = $matches[0][$i];

    360. 

  360. 					$type = $matches[1][$i];

    361. 

  361. 					$url = $matches[2][$i];

    362. 

  362. 					$scheme = $matches[3][$i];

    363. 

  363. 

    364. 

  364. 					if ( $type == 'img' || $type == 'script' || $type == 'embed' ||

    365. 

  365. 						( $type == 'link' && ( strpos($html, 'stylesheet') !== false || strpos($html, 'pingback') !== false ) ) ||

    366. 

  366. 						( $type == 'form' && ( strpos($html, 'loginform') !== false || strpos($html, 'wp-pass.php') !== false ) ) ||

    367. 

  367. 						( $type == 'input' && strpos($html, 'image') !== false ) ||

    368. 

  368. 						( $type == 'param' && strpos($html, 'movie') !== false )

    369. 

  369. 					) {

    370. 

  370. 						if ( is_admin() && $type == 'img' ) {

    371. 

  371. 							if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ) {

    372. 

  372. 								$buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);

    373. 

  373. 							}

    374. 

  374. 						} else {

    375. 

  375. 							if ( strpos($url, $this->http_url) !== false && get_option('wordpress-https_internalurls') == 1 ) {

    376. 

  376. 								$buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);

    377. 

  377. 							} else if ( strpos($url, $this->replace_http($this->http_url)) !== false && $this->shared_ssl ) {

    378. 

  378. 								$buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);

    379. 

  379. 							} else if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 && strpos($html, $this->http_url) !== false ) {

    380. 

  380. 								$buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);

    381. 

  381. 							} else if ( strpos($url, $this->https_url) === false && strpos($url, 'https://') === false && get_option('wordpress-https_externalurls') == 1 ) {

    382. 

  382. 								if ( get_option('wordpress-https_bypass') == 1 ) {

    383. 

  383. 									$buffer = str_replace($html, str_replace($url, $this->replace_http($url), $html), $buffer);

    384. 

  384. 								} else if ( in_array($url, $external_urls) || @file_get_contents($this->replace_http($url)) !== false ) {

    385. 

  385. 									$buffer = str_replace($html, str_replace($url, $this->replace_http($url), $html), $buffer);

    386. 

  386. 									// Cache this URL as available over HTTPS for future reference

    387. 

  387. 									if ( !in_array($url, $external_urls) ) {

    388. 

  388. 										$external_urls[] = $url;

    389. 

  389. 										update_option('wordpress-https_external_urls', $external_urls);

    390. 

  390. 									}

    391. 

  391. 								}

    392. 

  392. 							}

    393. 

  393. 						}

    394. 

  394. 					}

    395. 

  395. 				}

    396. 

  396. 

    397. 

  397. 				// Fix any CSS background images

    398. 

  398. 				preg_match_all('/background: url\([\'"]?(http:\/\/[\/-\w\.#?=\+&;]+)[\'"]?\)/im', $buffer, $matches);

    399. 

  399. 				for ($i = 0; $i<=sizeof($matches[0]); $i++) {

    400. 

  400. 					$css = $matches[0][$i];

    401. 

  401. 					$url = $matches[1][$i];

    402. 

  402. 

    403. 

  403. 					$buffer = str_replace($css, str_replace($url, $this->replace_http_url($url), $css), $buffer);

    404. 

  404. 				}

    405. 

  405. 

    406. 

  406. 				// Look for any relative paths that should be udpated to the Shared SSL path

    407. 

  407. 				if ( $this->shared_ssl ) {

    408. 

  408. 					preg_match_all('/\<(script|link|img|input|form|embed|param|a)[^>]+[\'"](\/[\/-\w\.#?=\+&;]*)[^>]+>/im', $buffer, $matches);

    409. 

  409. 

    410. 

  410. 					for ($i = 0; $i<=sizeof($matches[0]); $i++) {

    411. 

  411. 						$html = $matches[0][$i];

    412. 

  412. 						$type = $matches[1][$i];

    413. 

  413. 						$url = $matches[2][$i];

    414. 

  414. 						if ( $type != 'input' || ( $type == 'input' && strpos($html, 'image') !== false ) ) {

    415. 

  415. 							$buffer = str_replace($html, str_replace($url, $this->https_url . $url, $html), $buffer);

    416. 

  416. 						}

    417. 

  417. 					}

    418. 

  418. 				}

    419. 

  419. 			}

    420. 

  420. 

    421. 

  421. 			// Update anchor and form tags to appropriate URL's

    422. 

  422. 			preg_match_all('/\<(a|form)[^>]+[\'"]((http|https):\/\/[\/-\w\.#?=\+&;]+)[^>]+>/im', $buffer, $matches);

    423. 

  423. 

    424. 

  424. 			for ($i = 0; $i<=sizeof($matches[0]); $i++) {

    425. 

  425. 				$html = $matches[0][$i];

    426. 

  426. 				$type = $matches[1][$i];

    427. 

  427. 				$url = $matches[2][$i];

    428. 

  428. 				$scheme = $matches[3][$i];

    429. 

  429. 

    430. 

  430. 				unset($force_ssl);

    431. 

  431. 

    432. 

  432. 				$url_path = parse_url($url, PHP_URL_PATH);

    433. 

  433. 				if ( $this->shared_ssl ) {

    434. 

  434. 					$url_path = str_replace(parse_url($this->https_url, PHP_URL_PATH), '', $url_path);

    435. 

  435. 				}

    436. 

  436. 				$url_path = str_replace(parse_url(get_option('home'), PHP_URL_PATH), '', $url_path);

    437. 

  437. 

    438. 

  438. 				if ( preg_match("/page_id=([\d]+)/", parse_url($url, PHP_URL_QUERY), $postID) == 1 ) {

    439. 

  439. 					$post = $postID[1];

    440. 

  440. 				} else if ( $post = get_page_by_path($url_path) ) {

    441. 

  441. 					$post = $post->ID;

    442. 

  442. 				} else if ( $url_path == '/' ) {

    443. 

  443. 					if ( get_option('show_on_front') == 'posts' ) {

    444. 

  444. 						$post = true;

    445. 

  445. 						$force_ssl = (( get_option('wordpress-https_frontpage') == 1 ) ? true : false);

    446. 

  446. 					} else {

    447. 

  447. 						$post = get_option('page_on_front');

    448. 

  448. 					}

    449. 

  449. 				}

    450. 

  450. 

    451. 

  451. 				if ( $post ) {

    452. 

  452. 					$force_ssl = (( !isset($force_ssl) ) ? get_post_meta($post, 'force_ssl', true) : $force_ssl);

    453. 

  453. 

    454. 

  454. 					if ( $force_ssl ) {

    455. 

  455. 						$buffer = str_replace($html, str_replace($url, $this->replace_http_url($url), $html), $buffer);

    456. 

  456. 					} else if ( get_option('wordpress-https_exclusive_https') == 1 ) {

    457. 

  457. 						$buffer = str_replace($html, str_replace($this->https_url, $this->http_url, $html), $buffer);

    458. 

  458. 					}

    459. 

  459. 				}

    460. 

  460. 			}

    461. 

  461. 

    462. 

  462. 			// Fix any anchor or form tags that contain the HTTPS version of the regular domain when using Shared SSL

    463. 

  463. 			if ( $this->shared_ssl && get_option('wordpress-https_internalurls') == 1 ) {

    464. 

  464. 				$regex_url = preg_quote($this->replace_http($this->http_url));

    465. 

  465. 				$regex_url = str_replace('/', '\/', $regex_url);

    466. 

  466. 				preg_match_all('/\<(a|form)[^>]+(' . $regex_url . ')[^>]+>/im', $buffer, $matches);

    467. 

  467. 

    468. 

  468. 				for ($i = 0; $i<=sizeof($matches[0]); $i++) {

    469. 

  469. 					$html = $matches[0][$i];

    470. 

  470. 					$type = $matches[1][$i];

    471. 

  471. 					$url = $matches[2][$i];

    472. 

  472. 

    473. 

  473. 					$buffer = str_replace($html, str_replace($url, $this->https_url, $html), $buffer);

    474. 

  474. 				}

    475. 

  475. 			}

    476. 

  476. 

    477. 

  477. 			return $buffer;

    478. 

  478. 		}

    479. 

  479. 

    480. 

  480. 		/**

    481. 

  481. 		 * Checks if the current page is SSL

    482. 

  482. 		 *

    483. 

  483. 		 * @param none

    484. 

  484. 		 * @return bool

    485. 

  485. 		 */

    486. 

  486. 		function is_ssl() {

    487. 

  487. 			// Some extra checks for proxies and Shared SSL

    488. 

  488. 			if ( isset($_SERVER['HTTP_X_URL_SCHEME']) && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {

    489. 

  489. 				return true;

    490. 

  490. 			} else if ( $this->shared_ssl && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {

    491. 

  491. 				return true;

    492. 

  492. 			}

    493. 

  493. 			return is_ssl();

    494. 

  494. 		}

    495. 

  495. 

    496. 

  496. 		/**

    497. 

  497. 		 * Checks if the current page needs to be redirected

    498. 

  498. 		 *

    499. 

  499. 		 * @param none

    500. 

  500. 		 * @return void

    501. 

  501. 		 */

    502. 

  502. 		function check_https() {

    503. 

  503. 			global $post;

    504. 

  504. 			if ( is_front_page() && get_option('show_on_front') == 'posts' ) {

    505. 

  505. 				if ( get_option('wordpress-https_frontpage') == 1 && !$this->is_ssl() ) {

    506. 

  506. 					$this->redirect('https');

    507. 

  507. 				} else if ( get_option('wordpress-https_frontpage') != 1 && get_option('wordpress-https_exclusive_https') == 1 && $this->is_ssl() ) {

    508. 

  508. 					$this->redirect('http');

    509. 

  509. 				}

    510. 

  510. 			} else if ( ( is_single() || is_page() || is_front_page() || is_home() ) && $post->ID > 0 ) {

    511. 

  511. 				$forceSSL = get_post_meta($post->ID, 'force_ssl', true);

    512. 

  512. 				if ( !$this->is_ssl() && $forceSSL ) {

    513. 

  513. 					$this->redirect('https');

    514. 

  514. 				} else if ( get_option('wordpress-https_exclusive_https') == 1 && !$forceSSL ) {

    515. 

  515. 					$this->redirect('http');

    516. 

  516. 				}

    517. 

  517. 			}

    518. 

  518. 		}

    519. 

  519. 

    520. 

  520. 		/**

    521. 

  521. 		 * Redirects page to HTTP or HTTPS accordingly

    522. 

  522. 		 *

    523. 

  523. 		 * @param string $scheme Either http or https

    524. 

  524. 		 * @return void

    525. 

  525. 		 */

    526. 

  526. 		function redirect($scheme = 'https') {

    527. 

  527. 			if ( !$this->is_ssl() && $scheme == 'https' ) {

    528. 

  528. 				$url = parse_url($this->https_url);

    529. 

  529. 				$url['scheme'] = $scheme;

    530. 

  530. 			} else if ( $this->is_ssl() && $scheme == 'http' ) {

    531. 

  531. 				$url = parse_url($this->http_url);

    532. 

  532. 				$url['scheme'] = $scheme;

    533. 

  533. 			} else {

    534. 

  534. 				$url = false;

    535. 

  535. 			}

    536. 

  536. 			if ( $url ) {

    537. 

  537. 				$destination = $url['scheme'] . '://' . $url['host'] . (( $this->shared_ssl ) ? $url['path'] : '') . $_SERVER['REQUEST_URI'];

    538. 

  538. 				if ( function_exists('wp_redirect') ) {

    539. 

  539. 					wp_redirect($destination, 301);

    540. 

  540. 				} else {

    541. 

  541. 					// End all output buffering and redirect

    542. 

  542. 					while(@ob_end_clean());

    543. 

  543. 					header("Location: " . $destination);

    544. 

  544. 				}

    545. 

  545. 				exit();

    546. 

  546. 			}

    547. 

  547. 		}

    548. 

  548. 

    549. 

  549. 		/**

    550. 

  550. 		 * Add 'Force SSL' checkbox to add/edit post pages

    551. 

  551. 		 *

    552. 

  552. 		 * @param none

    553. 

  553. 		 * @return void

    554. 

  554. 		 */

    555. 

  555. 		function post_checkbox() {

    556. 

  556. 			global $post;

    557. 

  557. 

    558. 

  558. 			wp_nonce_field(plugin_basename(__FILE__), 'wordpress-https');

    559. 

  559. 

    560. 

  560. 			$checked = false;

    561. 

  561. 			if ( $post->ID ) {

    562. 

  562. 				$checked = get_post_meta($post->ID, 'force_ssl', true);

    563. 

  563. 			}

    564. 

  564. 			echo '<div class="misc-pub-section misc-pub-section-last" style="border-top: 1px solid #EEE;"><label>Force SSL: <input type="checkbox" value="1" name="force_ssl" id="force_ssl"'.(($checked) ? ' checked="checked"' : '').' /></label></div>';

    565. 

  565. 		}

    566. 

  566. 

    567. 

  567. 		/**

    568. 

  568. 		 * Save Force SSL option to post or page

    569. 

  569. 		 *

    570. 

  570. 		 * @param int $post_id

    571. 

  571. 		 * @return int $post_id

    572. 

  572. 		 */

    573. 

  573. 		function post_save( $post_id ) {

    574. 

  574. 			if ( array_key_exists('wordpress-https', $_POST) ) {

    575. 

  575. 				if ( !wp_verify_nonce($_POST['wordpress-https'], plugin_basename(__FILE__))) {

    576. 

  576. 					return $post_id;

    577. 

  577. 				}

    578. 

  578. 

    579. 

  579. 				if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) {

    580. 

  580. 					return $post_id;

    581. 

  581. 				}

    582. 

  582. 

    583. 

  583. 				if ( $_POST['post_type'] == 'page' ) {

    584. 

  584. 					if ( !current_user_can('edit_page', $post_id) ) {

    585. 

  585. 						return $post_id;

    586. 

  586. 					}

    587. 

  587. 				} else {

    588. 

  588. 					if ( !current_user_can('edit_post', $post_id) ) {

    589. 

  589. 						return $post_id;

    590. 

  590. 					}

    591. 

  591. 				}

    592. 

  592. 

    593. 

  593. 				$forceSSL = (( $_POST['force_ssl'] == 1 ) ? true : false);

    594. 

  594. 				if ( $forceSSL ) {

    595. 

  595. 					update_post_meta($post_id, 'force_ssl', 1);

    596. 

  596. 				} else {

    597. 

  597. 					delete_post_meta($post_id, 'force_ssl');

    598. 

  598. 				}

    599. 

  599. 

    600. 

  600. 				return $forceSSL;

    601. 

  601. 			}

    602. 

  602. 			return $post_id;

    603. 

  603. 		}

    604. 

  604. 

    605. 

  605. 		/**

    606. 

  606. 		 * Filters HTTPS urls from bloginfo function

    607. 

  607. 		 *

    608. 

  608. 		 * @param string $result

    609. 

  609. 		 * @param string $show

    610. 

  610. 		 * @return string $result

    611. 

  611. 		 */

    612. 

  612. 		function bloginfo($result = '', $show = '') {

    613. 

  613. 			if ( $show == 'stylesheet_url' || $show == 'template_url' || $show == 'wpurl' || $show == 'home' || $show == 'siteurl' || $show == 'url' ) {

    614. 

  614. 				$result = $this->replace_https($result);

    615. 

  615. 			}

    616. 

  616. 			return $result;

    617. 

  617. 		}

    618. 

  618. 

    619. 

  619. 		/**

    620. 

  620. 		 * Add admin panel menu option

    621. 

  621. 		 *

    622. 

  622. 		 * @param none

    623. 

  623. 		 * @return void

    624. 

  624. 		 */

    625. 

  625. 		function menu() {

    626. 

  626. 			add_options_page('WordPress HTTPS Settings', 'WordPress HTTPS', 'manage_options', 'wordpress-https', array(&$this, 'settings'));

    627. 

  627. 		}

    628. 

  628. 

    629. 

  629. 		/**

    630. 

  630. 		 * Add plugin links to Manage Plugins page in admin panel

    631. 

  631. 		 *

    632. 

  632. 		 * @param array $links

    633. 

  633. 		 * @param string $file

    634. 

  634. 		 * @return array $links

    635. 

  635. 		 */

    636. 

  636. 		function plugin_links($links, $file) {

    637. 

  637. 			if ( strpos($file, basename( __FILE__)) === false ) {

    638. 

  638. 				return $links;

    639. 

  639. 			}

    640. 

  640. 

    641. 

  641. 			$links[] = '<a href="' . site_url() . '/wp-admin/options-general.php?page=wordpress-https" title="WordPress HTTPS Settings">Settings</a>';

    642. 

  642. 			$links[] = '<a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" title="Frequently Asked Questions">FAQ</a>';

    643. 

  643. 			$links[] = '<a href="http://wordpress.org/tags/wordpress-https#postform" title="Support">Support</a>';

    644. 

  644. 			$links[] = '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N9NFVADLVUR7A" title="Support WordPress HTTPS development with a donation!">Donate</a>';

    645. 

  645. 			return $links;

    646. 

  646. 		}

    647. 

  647. 

    648. 

  648. 		/**

    649. 

  649. 		 * Start output buffering

    650. 

  650. 		 *

    651. 

  651. 		 * @param none

    652. 

  652. 		 * @return void

    653. 

  653. 		 */

    654. 

  654. 		function buffer_start() {

    655. 

  655. 			if ( get_option('wordpress-https_externalurls') == 1 && get_option('wordpress-https_bypass') != 1 ) {

    656. 

  656. 				@ini_set('allow_url_fopen', 1);

    657. 

  657. 			}

    658. 

  658. 			ob_start(array(&$this, 'process'));

    659. 

  659. 		}

    660. 

  660. 

    661. 

  661. 		/**

    662. 

  662. 		 * End output buffering

    663. 

  663. 		 *

    664. 

  664. 		 * @param none

    665. 

  665. 		 * @return void

    666. 

  666. 		 */

    667. 

  667. 		function buffer_end() {

    668. 

  668. 			ob_end_flush();

    669. 

  669. 		}

    670. 

  670. 

    671. 

  671. 		/**

    672. 

  672. 		 * Replaces HTTP URL to HTTPS URL

    673. 

  673. 		 *

    674. 

  674. 		 * @param string $string

    675. 

  675. 		 * @return string $string

    676. 

  676. 		 */

    677. 

  677. 		function replace_http_url($string) {

    678. 

  678. 			preg_match_all('/(http|https):\/\/[\/-\w\.#?=\+&;]+/im', $string, $url);

    679. 

  679. 			$url = $url[0][0];

    680. 

  680. 

    681. 

  681. 			// If URL matches home_url, but lacks www, add www

    682. 

  682. 			if ( strpos(get_option('home'), '://www.') !== false && strpos($url, '://www.') === false && parse_url($url, PHP_URL_HOST) != NULL ) {

    683. 

  683. 				$url_host = parse_url($url, PHP_URL_HOST);

    684. 

  684. 				$url_host_www = 'www.' . $url_host;

    685. 

  685. 				if ( strpos(get_option('home'), $url_host_www) !== false ) {

    686. 

  686. 					$string = str_replace($url_host, $url_host_www, $string);

    687. 

  687. 				}

    688. 

  688. 			}

    689. 

  689. 

    690. 

  690. 			// Replace the HTTPS version of the domain with $this->https_url for Shared SSL

    691. 

  691. 			$string = str_replace($this->replace_http($this->http_url), $this->https_url, $string);

    692. 

  692. 			$string = str_replace($this->http_url, $this->https_url, $string);

    693. 

  693. 			return $string;

    694. 

  694. 		}

    695. 

  695. 

    696. 

  696. 		/**

    697. 

  697. 		 * Replace HTTPS with HTTP

    698. 

  698. 		 *

    699. 

  699. 		 * @param string $string

    700. 

  700. 		 * @return string $string

    701. 

  701. 		 */

    702. 

  702. 		function replace_https($string) {

    703. 

  703. 			return str_replace('https://', 'http://', $string);

    704. 

  704. 		}

    705. 

  705. 

    706. 

  706. 		/**

    707. 

  707. 		 * Replace HTTP with HTTPS

    708. 

  708. 		 *

    709. 

  709. 		 * @param string $string

    710. 

  710. 		 * @return string $string

    711. 

  711. 		 */

    712. 

  712. 		function replace_http($string) {

    713. 

  713. 			return str_replace('http://', 'https://', $string);

    714. 

  714. 		}

    715. 

  715. 

    716. 

  716. 		/**

    717. 

  717. 		 * Settings page in admin panel

    718. 

  718. 		 *

    719. 

  719. 		 * @param none

    720. 

  720. 		 * @return void

    721. 

  721. 		 */

    722. 

  722. 		function settings() {

    723. 

  723. 			if ( !current_user_can('manage_options') ) {

    724. 

  724. 				wp_die( __('You do not have sufficient permissions to access this page.') );

    725. 

  725. 			}

    726. 

  726. 

    727. 

  727. 			if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {

    728. 

  728. 				$errors = array();

    729. 

  729. 

    730. 

  730. 				foreach ($this->options_default as $key => $default) {

    731. 

  731. 					if ( !array_key_exists($key, $_POST) && $default == 0 ) {

    732. 

  732. 						$_POST[$key] = 0;

    733. 

  733. 						update_option($key, $_POST[$key]);

    734. 

  734. 					} else {

    735. 

  735. 						if ( $key == 'wordpress-https_sharedssl_host' ) {

    736. 

  736. 							if ( isset($_POST[$key]) ) {

    737. 

  737. 								$url = parse_url($_POST[$key]);

    738. 

  738. 							}

    739. 

  739. 							if ( sizeof($url) > 1 ) {

    740. 

  740. 								$_POST[$key] = 'https://' . $url['host'] . @$url['path'];

    741. 

  741. 								if ( substr($_POST[$key], -1, 1) == '/' ) {

    742. 

  742. 									$_POST[$key] = substr($_POST[$key], 0, strlen($_POST[$key])-1);

    743. 

  743. 								}

    744. 

  744. 							} else if ( $_POST['wordpress-https_sharedssl'] == 1 ) {

    745. 

  745. 								$errors[] = '<strong>Shared SSL Host</strong> - Invalid host.';

    746. 

  746. 								update_option('wordpress-https_sharedssl', 0);

    747. 

  747. 							}

    748. 

  748. 						} else if ( $key == 'wordpress-https_sharedssl_admin' ) {

    749. 

  749. 							if ( force_ssl_admin() || force_ssl_login() ) {

    750. 

  750. 								$errors[] = '<strong>Shared SSL Admin</strong> - FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.';

    751. 

  751. 								$_POST[$key] = 0;

    752. 

  752. 							}

    753. 

  753. 						} else if ( $key == 'wordpress-https_externalurls' && @ini_get('allow_url_fopen') != 1 ) {

    754. 

  754. 							$errors[] = '<strong>External HTTPS Elements</strong> - PHP configuration error: allow_url_fopen must be enabled.';

    755. 

  755. 							$_POST[$key] = 0;

    756. 

  756. 						} else if ( $key == 'wordpress-https_disable_autohttps' && version_compare(get_bloginfo('version'), '3.0', '<') ) {

    757. 

  757. 							$_POST[$key] = 0;

    758. 

  758. 						}

    759. 

  759. 

    760. 

  760. 						update_option($key, $_POST[$key]);

    761. 

  761. 					}

    762. 

  762. 				}

    763. 

  763. 

    764. 

  764. 				if ( array_key_exists('ajax', $_POST) ) {

    765. 

  765. 					while(@ob_end_clean());

    766. 

  766. 					ob_start();

    767. 

  767. 					if ( sizeof( $errors ) > 0 ) {

    768. 

  768. 						echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";

    769. 

  769. 						foreach ( $errors as $error ) {

    770. 

  770. 							echo "\t\t<li><p>".$error."</p></li>\n";

    771. 

  771. 						}

    772. 

  772. 						echo "\t</ul>\n</div>\n";

    773. 

  773. 					} else {

    774. 

  774. 						echo "<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";

    775. 

  775. 					}

    776. 

  776. 					exit();

    777. 

  777. 				}

    778. 

  778. 			}

    779. 

  779. ?>

    780. 

  780. 

    781. 

  781. <div class="wrap">

    782. 

  782. 	<div id="icon-options-general" class="icon32"><br /></div>

    783. 

  783. 	<h2>WordPress HTTPS Settings</h2>

    784. 

  784. 

    785. 

  785. <?php

    786. 

  786. 	if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {

    787. 

  787. 		if ( sizeof( $errors ) > 0 ) {

    788. 

  788. 			echo "<div class=\"error below-h2 fade\" id=\"message\">\n\t<ul>\n";

    789. 

  789. 			foreach ( $errors as $error ) {

    790. 

  790. 				echo "\t\t<li><p>".$error."</p></li>\n";

    791. 

  791. 			}

    792. 

  792. 			echo "\t</ul>\n</div>\n";

    793. 

  793. 		} else {

    794. 

  794. 			echo "\t\t<div class=\"updated below-h2 fade\" id=\"message\"><p>Settings saved.</p></div>\n";

    795. 

  795. 		}

    796. 

  796. 	} else {

    797. 

  797. 		echo "\t<div id=\"message-wrap\"><div id=\"message-body\"></div></div>\n";

    798. 

  798. 	}

    799. 

  799. ?>

    800. 

  800. 

    801. 

  801. 	<div id="wphttps-sidebar">

    802. 

  802. 

    803. 

  803. 		<div class="wphttps-widget" id="wphttps-updates">

    804. 

  804. 			<h3 class="wphttps-widget-title">Developer Updates</h3>

    805. 

  805. 			<div class="wphttps-widget-content"><img alt="Loading..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="loading" id="updates-loading" /></div>

    806. 

  806. 		</div>

    807. 

  807. 

    808. 

  808. 		<div class="wphttps-widget" id="wphttps-support">

    809. 

  809. 			<h3 class="wphttps-widget-title">Support</h3>

    810. 

  810. 			<div class="wphttps-widget-content">

    811. 

  811. 				<p>Have you tried everything and your website is still giving you partially encrypted errors?</p>

    812. 

  812. 				<p>If you haven't already, check out the <a href="http://wordpress.org/extend/plugins/wordpress-https/faq/" target="_blank">Frequently Asked Questions</a>.</p>

    813. 

  813. 				<p>Still not fixed? Having other problems? Please <a href="http://wordpress.org/tags/wordpress-https#postform" target="_blank">start a support topic</a> and I'll do my best to assist you.</p>

    814. 

  814. 			</div>

    815. 

  815. 		</div>

    816. 

  816. 

    817. 

  817. 		<div class="wphttps-widget" id="wphttps-donate">

    818. 

  818. 			<h3 class="wphttps-widget-title">Donate</h3>

    819. 

  819. 			<div class="wphttps-widget-content">

    820. 

  820. 				<p>If you found this plugin useful, or I've already helped you with your website, please considering buying me a <a href="http://en.wikipedia.org/wiki/Newcastle_Brown_Ale" target="_blank">beer</a> or two.</p>

    821. 

  821. 				<p>Donations help alleviate the time spent developing and supporting this plugin and are greatly appreciated.</p>

    822. 

  822. 

    823. 

  823. 				<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

    824. 

  824. 					<input type="hidden" name="cmd" value="_s-xclick">

    825. 

  825. 					<input type="hidden" name="hosted_button_id" value="N9NFVADLVUR7A">

    826. 

  826. 					<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">

    827. 

  827. 					<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">

    828. 

  828. 				</form>

    829. 

  829. 			</div>

    830. 

  830. 		</div>

    831. 

  831. 

    832. 

  832. 	</div>

    833. 

  833. 

    834. 

  834. 	<div id="wphttps-main">

    835. 

  835. 		<div id="post-body">

    836. 

  836. 			<form name="form" id="wordpress-https" action="options-general.php?page=wordpress-https" method="post">

    837. 

  837. 			<?php settings_fields('wordpress-https'); ?>

    838. 

  838. 

    839. 

  839. 			<fieldset>

    840. 

  840. 				<label for="wordpress-https_internalurls"><input name="wordpress-https_internalurls" type="checkbox" id="wordpress-https_internalurls" value="1"<?php echo ((get_option('wordpress-https_internalurls')) ? ' checked="checked"' : ''); ?> /> <strong>Internal HTTPS Elements</strong></label>

    841. 

  841. 				<p>Force internal elements to HTTPS when viewing a secure page.</p>

    842. 

  842. 				<p class="description">Fixes most partially encrypted errors.</p>

    843. 

  843. 			</fieldset>

    844. 

  844. 

    845. 

  845. 			<fieldset>

    846. 

  846. 				<label for="wordpress-https_externalurls"><input name="wordpress-https_externalurls" type="checkbox" id="wordpress-https_externalurls" value="1"<?php echo ((get_option('wordpress-https_externalurls')) ? ' checked="checked"' : ''); ?> /> <strong>External HTTPS Elements</strong></label>

    847. 

  847. 				<p>Attempt to automatically force external elements to HTTPS when viewing a secure page. External elements are any element not hosted on your domain.</p>

    848. 

  848. 				<p class="description">Warning: This option checks that the external element can be loaded via HTTPS while the page is loading. Depending on the amount of external elements, this could affect the load times of your pages.</p>

    849. 

  849. 			</fieldset>

    850. 

  850. 

    851. 

  851. 			<fieldset>

    852. 

  852. 				<label for="wordpress-https_bypass"><input name="wordpress-https_bypass" type="checkbox" id="wordpress-https_bypass" value="1"<?php echo ((get_option('wordpress-https_bypass')) ? ' checked="checked"' : ''); ?> /> <strong>Bypass External Check</strong></label>

    853. 

  853. 				<p>Disable the option to check if an external element can be loaded over HTTPS.</p>

    854. 

  854. 				<p class="description">Warning: Bypassing the HTTPS check for external elements may cause elements to not load at all. Only enable this option if you know that all external elements can be loaded over HTTPS.</p>

    855. 

  855. 			</fieldset>

    856. 

  856. 

    857. 

  857. <?php if ( version_compare(get_bloginfo('version'), '3.0', '>=') ) { ?>

    858. 

  858. 			<fieldset>

    859. 

  859. 				<label for="wordpress-https_disable_autohttps"><input name="wordpress-https_disable_autohttps" type="checkbox" id="wordpress-https_disable_autohttps" value="1"<?php echo ((get_option('wordpress-https_disable_autohttps')) ? ' checked="checked"' : ''); ?> /> <strong>Disable Automatic HTTPS</strong></label>

    860. 

  860. 				<p>Prevents WordPress 3.0+ from making all links HTTPS when viewing a secure page.</p>

    861. 

  861. 				<p class="description">When a page is viewed via HTTPS in WordPress 3.0+, all internal page, category and post links are forced to HTTPS. This option will disable that.</p>

    862. 

  862. 			</fieldset>

    863. 

  863. 

    864. 

  864. <?php } ?>

    865. 

  865. 			<fieldset>

    866. 

  866. 				<label for="wordpress-https_exclusive_https"><input name="wordpress-https_exclusive_https" type="checkbox" id="wordpress-https_exclusive_https" value="1"<?php echo ((get_option('wordpress-https_exclusive_https')) ? ' checked="checked"' : ''); ?> /> <strong>Force SSL Exclusively</strong></label>

    867. 

  867. 				<p>Exclusively force SSL on posts and pages with the `Force SSL` option checked. All others are redirected to HTTP.</p>

    868. 

  868. 				<p class="description">WordPress HTTPS adds a 'Force SSL' checkbox to each post and page right above the publish button (<a href="<?php echo $this->plugin_url; ?>/screenshot-2.png" class="thickbox">screenshot</a>). When selected, the post or page will be forced to HTTPS. With this option enabled, all posts and pages without 'Force SSL' checked will be redirected to HTTP.</p>

    869. 

  869. 			</fieldset>

    870. 

  870. 

    871. 

  871. 			<fieldset>

    872. 

  872. 				<label for="wordpress-https_sharedssl"><input name="wordpress-https_sharedssl" type="checkbox" id="wordpress-https_sharedssl" value="1"<?php echo ((get_option('wordpress-https_sharedssl')) ? ' checked="checked"' : ''); ?> /> <strong>Shared SSL</strong></label>

    873. 

  873. 				<p>Enable this option if you are using a Shared SSL certificate and your Shared SSL Host is something other than '<?php echo $this->replace_http($this->http_url); ?>/'.</p>

    874. 

  874. 				<label><strong>Shared SSL Host</strong> <input name="wordpress-https_sharedssl_host" type="text" id="wordpress-https_sharedssl_host" value="<?php echo get_option('wordpress-https_sharedssl_host'); ?>" /></label>

    875. 

  875. 			</fieldset>

    876. 

  876. 

    877. 

  877. 			<fieldset>

    878. 

  878. 				<label for="wordpress-https_sharedssl_admin"><input name="wordpress-https_sharedssl_admin" type="checkbox" id="wordpress-https_sharedssl_admin" value="1"<?php echo ((get_option('wordpress-https_sharedssl_admin')) ? ' checked="checked"' : ''); ?> /> <strong>Force Shared SSL Admin</strong></label>

    879. 

  879. 				<p>Enable this option if you are using a Shared SSL certificate and you only want to access your admin panel over HTTPS.</p>

    880. 

  880. 				<p class="description">Notice: FORCE_SSL_ADMIN and FORCE_SSL_LOGIN can not be set to true in your wp-config.php.</p>

    881. 

  881. 			</fieldset>

    882. 

  882. 

    883. 

  883. <?php if ( get_option('show_on_front') == 'posts' ) { ?>

    884. 

  884. 			<fieldset>

    885. 

  885. 				<label for="wordpress-https_frontpage"><input name="wordpress-https_frontpage" type="checkbox" id="wordpress-https_frontpage" value="1"<?php echo ((get_option('wordpress-https_frontpage')) ? ' checked="checked"' : ''); ?> /> <strong>HTTPS Front Page</strong></label>

    886. 

  886. 				<p>It appears you are using your latest posts for your home page. If you would like that page to have SSL enforced, enable this option.</p>

    887. 

  887. 			</fieldset>

    888. 

  888. 

    889. 

  889. <?php } ?>

    890. 

  890. 			<p class="button-controls">

    891. 

  891. 				<input type="submit" name="Submit" value="Save Changes" class="button-primary" />

    892. 

  892. 				<img alt="Waiting..." src="<?php echo parse_url($this->plugin_url, PHP_URL_PATH); ?>/css/images/wpspin_light.gif" class="waiting" id="submit-waiting" />

    893. 

  893. 			</p>

    894. 

  894. 			</form>

    895. 

  895. 		</div>

    896. 

  896. 	</div>

    897. 

  897. 

    898. 

  898. <?php

    899. 

  899. 		}

    900. 

  900. 	} // End WordPressHTTPS Class

    901. 

  901. }

    902. 

  902. 

    903. 

  903. if ( class_exists('WordPressHTTPS') ) {

    904. 

  904. 	$wordpress_https = new WordPressHTTPS();

    905. 

  905. 	register_activation_hook( __FILE__, array(&$wordpress_https, 'install'));

    906. 

  906. }

    907. 

  907. 

    908. 

  908. // Use WordPress HTTPS wp_set_auth_cookie method for WordPress' wp_set_auth_cookie pluggable function if using Shared SSL

    909. 

  909. if ( $wordpress_https->shared_ssl && !function_exists('wp_set_auth_cookie') ) {

    910. 

  910. 	function wp_set_auth_cookie($user_id, $remember, $secure) {

    911. 

  911. 		global $wordpress_https;

    912. 

  912. 		return $wordpress_https->wp_set_auth_cookie($user_id, $remember, $secure);

    913. 

  913. 	}

    914. 

  914. }

    915. 

  915. 

    916. 

  916. // Use WordPress HTTPS auth_redirect method for WordPress' auth_redirect pluggable function if using Shared SSL

    917. 

  917. if ( $wordpress_https->shared_ssl && !function_exists('auth_redirect') ) {

    918. 

  918. 	function auth_redirect() {

    919. 

  919. 		global $wordpress_https;

    920. 

  920. 		return $wordpress_https->auth_redirect();

    921. 

  921. 	}

    922. 

  922. }
    923.